In packet communication an amount of data is divided into parts and these parts are placed into packets for communication from a source to a destination via a system of packet communication nodes. Such systems of nodes can be provided in many different ways, e.g. by interconnection of several different networks that thereby form an internet or interconnected network.
One recurring problem in systems of packet communication networks is that of communication trustworthiness. Namely, due to the nature of packet oriented communication, where packets are sent from one node to the next and possibly pass a large number of nodes on their journey from source to destination, without fixed paths for communications between specific terminal nodes, there is in principle the danger that packets are introduced into the system with malicious intent. For this reason it is known to add mechanisms for policing and filtering packets, e.g. by adding security features (such as digital signatures or, more generally, security tags) to packets sent or forwarded by legitimate nodes and verifying these features at specific network points. If the presence of the required security feature is verified, the packet is considered trustworthy and processed normally, e.g. forwarded towards the destination indicated in the packet; if the security feature is not verified, the packet is treated as not coming from a legitimate source and processed accordingly, e.g. dropped or quarantined.
System points for performing such tests for trustworthiness can be gateways between individual administrative domains, such as different autonomous systems (AS). The nodes of each administrative domain are under the physical control of one entity, e.g. an Internet Service Provider (ISP), and illegitimate packets can therefore only come from the outside. Consequently, policing and filtering functions, such as those provided by a firewall function, are implemented in gateway nodes that connect the given domain with other domains.
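The two preceding paragraphs describe the mechanism in the abstract: legitimate nodes attach a security tag to each packet, and a policing point at the domain boundary forwards packets whose tag verifies and drops or quarantines the rest. The following example, added here and not part of the original text or of any product it describes, shows one concrete instance of that scheme: a keyed-hash (HMAC-SHA256) tag over the packet's addressing header and payload, verified at a gateway with a constant-time comparison. The packet layout, the shared key, the tag length and the three sample packets are all constructed for the illustration.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical parameters for the illustration: a key shared by the legitimate
# nodes of one administrative domain, and a truncated HMAC-SHA256 tag.
DEMO_KEY = b"constructed-demo-key-not-for-real-use"  # constructed, not a real key
TAG_LEN = 16


@dataclass
class Packet:
    """Minimal packet: addressing header, payload and an optional security tag."""
    src: str
    dst: str
    payload: bytes
    tag: Optional[bytes] = None


def _tag_input(pkt: Packet) -> bytes:
    # Bind the tag to the fields a forwarding node relies on. Each field is
    # length-prefixed so that field boundaries cannot be shifted undetected.
    parts = [pkt.src.encode(), pkt.dst.encode(), pkt.payload]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def compute_tag(pkt: Packet, key: bytes) -> bytes:
    return hmac.new(key, _tag_input(pkt), hashlib.sha256).digest()[:TAG_LEN]


def sign_packet(pkt: Packet, key: bytes) -> Packet:
    """Attach the security tag a legitimate node adds before sending or forwarding."""
    pkt.tag = compute_tag(pkt, key)
    return pkt


def verify_packet(pkt: Packet, key: bytes) -> bool:
    """Check the tag at a policing point; a missing or malformed tag fails."""
    if pkt.tag is None or len(pkt.tag) != TAG_LEN:
        return False
    # Constant-time comparison avoids revealing how many tag bytes matched.
    return hmac.compare_digest(compute_tag(pkt, key), pkt.tag)


class Gateway:
    """Policing function at a domain boundary: forward verified packets,
    quarantine everything else for later inspection."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.forwarded: List[Packet] = []
        self.quarantined: List[Packet] = []

    def police(self, pkt: Packet) -> str:
        if verify_packet(pkt, self.key):
            self.forwarded.append(pkt)
            return "forward"
        self.quarantined.append(pkt)
        return "quarantine"


def demo() -> List[str]:
    """Run three constructed packets through a gateway and return its decisions."""
    gw = Gateway(DEMO_KEY)
    decisions: List[str] = []

    # 1. A packet tagged by a legitimate node inside the domain.
    good = sign_packet(Packet("10.0.0.5", "10.0.1.9", b"hello"), DEMO_KEY)
    decisions.append(gw.police(good))

    # 2. The same packet with its payload altered in transit: the tag no longer matches.
    tampered = Packet(good.src, good.dst, b"hellp", good.tag)
    decisions.append(gw.police(tampered))

    # 3. A packet arriving from outside the domain with no tag at all.
    untagged = Packet("203.0.113.7", "10.0.1.9", b"hello")
    decisions.append(gw.police(untagged))

    return decisions


if __name__ == "__main__":
    print(demo())  # ['forward', 'quarantine', 'quarantine']
```

The gateway keeps quarantined packets rather than silently discarding them so that an operator can inspect what was rejected; a production filter would additionally bind the tag to a sequence number or timestamp, since a bare tag as shown here says nothing about replay of a previously valid packet.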
Such a concept works well under the described circumstances, i.e. when separate administrative domains are present. However, the concept is not applicable in all cases, e.g. if physical control of nodes and gateways cannot be guaranteed. This may for example be the case in some virtual networks or ad-hoc networks. Virtual networks are formed by virtual nodes, i.e. each virtual node is an instance on a physical node that can host several virtual nodes, such that one physical infrastructure comprising physical nodes and physical links can host a plurality of virtual networks, each having its own virtual nodes and virtual links between virtual nodes. The physical infrastructure is therefore shared by a plurality of virtual network operators (VNO), none of which has control over the physical nodes, such that e.g. packets from one virtual network can leak into another virtual network due to misconfiguration at a physical node that hosts virtual nodes of the two virtual networks in question.